Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

162 advisories

Loading
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows... Low Unreviewed
CVE-1999-1386 was published Apr 30, 2022
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files... Low Unreviewed
CVE-2005-1916 was published May 1, 2022
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is... Low Unreviewed
CVE-2005-0824 was published May 1, 2022
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack... Low Unreviewed
CVE-2005-1879 was published May 1, 2022
Puppet arbitrary files overwrite via a symlink attack Low
CVE-2010-0156 was published for puppet (RubyGems) May 2, 2022
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite... Low Unreviewed
CVE-2005-0587 was published May 1, 2022
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode... Low Unreviewed
CVE-2003-0844 was published Apr 29, 2022
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers,... Low Unreviewed
CVE-2003-1233 was published Apr 29, 2022
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks Low Unreviewed
CVE-2013-4184 was published May 5, 2022
pyxdg Arbitrary File Overwrite via Race Condition Low
CVE-2014-1624 was published for pyxdg (pip) May 17, 2022
snapd failed to properly check the destination of symbolic links when extracting a snap Low
CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
GoLismero symlink attack Low
CVE-2012-0054 was published for golismero (pip) May 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database